Commit Graph

4574 Commits (52f56527d80b1435c85d832f559d967417c6d007)

Author SHA1 Message Date
Dylan Davis 34e9b2c04b Change ipmi_dumphashes to have non-verbose output, ever 2017-06-02 14:27:21 -06:00
Jeffrey Martin 2924318ca5
update java_rmi_server modules with CVE 2017-06-02 12:59:48 -05:00
HD Moore eebfd9b7f2 Switch to the mixin-provided SMB share enumeration methods 2017-05-26 17:02:06 -05:00
juushya af4eafdf70 Updated module and doc 2017-05-24 06:33:08 +05:30
James Lee 4def7ce6cc
Land #8327, Simplify storing credentials 2017-05-18 16:49:01 -05:00
h00die b2f69e9018 spelling 2017-05-15 21:11:19 -04:00
Brent Cook faf01ed5ef
Land #8353, add aux scanner for Intel AMT digest bypass 2017-05-09 18:45:21 -05:00
HD Moore f7ff840ef0 Add missing return, thanks bperry! 2017-05-08 14:08:59 -05:00
HD Moore 9392e48b72 Add a scanner for Intel AMT auth bypass (CVE-2017-5689) 2017-05-08 13:24:00 -05:00
Jeffrey Martin a1efa30fa2
comments adjustments & enum better 2017-05-08 11:57:06 -05:00
Brendan Coles 635a7a42e6 Update style lotus_domino_hashes 2017-05-07 16:37:48 +10:00
Jeffrey Martin e2fe70d531
convert store_valid_credential to named params 2017-05-05 18:23:15 -05:00
Jeffrey Martin 63b6ab5355
simplify valid credential storage 2017-05-04 22:51:40 -05:00
darkbushido 81bcf2ca70 updating all LHOST to use the new opt type 2017-05-04 12:57:50 -05:00
William Vu 64452de06d Fix msf/core and self.class msftidy warnings
Also fixed rex requires.
2017-05-03 15:44:51 -05:00
William Vu 1a402ed1d8 Add arch to smb_ms17_010 DOUBLEPULSAR detection 2017-04-26 20:59:13 -05:00
Brent Cook f8792956ee fix one module for testing 2017-04-26 16:21:13 -05:00
zerosum0x0 55f01d3fc7 made the plugin less spammy with more vprintf 2017-04-24 13:33:05 -06:00
zerosum0x0 453ca6e3bf added OS printing on vulnerable systems 2017-04-24 13:20:44 -06:00
zerosum0x0 a69aba0eab added XOR Key calculation 2017-04-22 23:54:30 -06:00
zerosum0x0 8a77bf7b60 removed wrong comments 2017-04-21 08:27:13 -06:00
zerosum0x0 9fab64c60e added references 2017-04-20 15:22:37 -06:00
zerosum0x0 dd12afd717
added DoublePulsar detection 2017-04-20 15:03:29 -06:00
William Vu 942959f7e8
Land #8255, fixes for smb_ms17_010 2017-04-17 11:38:34 -05:00
Brent Cook 7b936b0012
Land #8184, convert IPMI protocol and modules to bindata 2017-04-17 07:40:15 -05:00
Brent Cook 6f70efcfa1 add module documentation 2017-04-17 07:39:43 -05:00
William Vu b1c7f1302b Fix report_vuln and prefer vprint_error 2017-04-17 02:48:56 -05:00
Brent Cook 42122d2835
Land #8238, move SMB2 support back into smb_login, add simpler permissions checks 2017-04-14 14:06:46 -05:00
dmohanty-r7 d75f852d01
Land #8167, Add MS17-010 auxiliary detection module 2017-04-14 13:00:16 -05:00
David Maloney 91fb3ce6b8
collapse SMB2 support into smb_login
converge the SMB and SMB loginscanners so that
there is only one SMB loginscanner that supports both

MS-2636
2017-04-13 15:22:03 -05:00
David Maloney adeb4d10d7
smb2 login scanner admin check now working
we can now check for admin privs in the smb2
login scanner

MS-2636
2017-04-13 14:40:32 -05:00
William Webb c867b7e228
Land #8204, Add Cambian ePMP SNMP Configuration download 2017-04-11 10:59:13 -05:00
zerosum0x0 f7c8bd2464 add rescue for ::Rex::Proto::SMB::Exceptions::LoginError 2017-04-07 15:37:56 -06:00
juushya e65eacce49 Add Satel SenNet Command Exec Module 2017-04-07 02:22:11 +05:30
juushya 3c189f0cb0 Adding Cambium SNMP Loot module 2017-04-07 01:32:45 +05:30
Brent Cook 5f88971ca9 convert NTP modules to bindata 2017-04-04 02:57:38 -05:00
Brent Cook 46c7e822c8 convert IPMI protocol and modules to bindata 2017-04-04 02:44:17 -05:00
Brent Cook 98ffa4d380
Land #7652, add varnish cache CLI authentication scanner module 2017-04-02 21:52:45 -05:00
zerosum0x0 26fc6bc920 added report_vuln() 2017-04-01 21:48:19 -06:00
William Webb 035f37cf42
Land #8144, Add Moxa Device Discovery Scanner Module 2017-03-31 19:11:27 -05:00
William Webb f870f94fa9
Land #8163, Add Cambium ePMP Arbitrary Command Execution 2017-03-31 19:06:19 -05:00
zerosum0x0 4bd50b0ad2 Merge branch 'ms17-010' of github.com:RiskSense-Ops/metasploit-framework into ms17-010 2017-03-30 10:10:08 -06:00
zerosum0x0 a125566fc7
removed unnecessary arguments 2017-03-30 10:09:31 -06:00
zerosum0x0 ef7de6d49e added MSB to description, moved a print statement 2017-03-29 17:43:49 -06:00
zerosum0x0 68f5c0e663
removed a print statement 2017-03-29 16:24:59 -06:00
zerosum0x0 7e6b8b02b8
replaced magic constant with setup_count 2017-03-29 15:37:28 -06:00
zerosum0x0 9923c39799
removed superfluous status 2017-03-29 15:32:29 -06:00
zerosum0x0 f0a1e12a7e
small typos 2017-03-29 15:30:35 -06:00
zerosum0x0 ffa376c514
added MS17-010 auxiliary detection module 2017-03-29 14:33:02 -06:00
David Maloney a571bcdba4
update module description 2017-03-29 13:58:36 -05:00
David Maloney 418e371e35
add SMB2 login scanner and module
add smb2_login module backed by an smb2
LoginScanner class. This is a temporary alternative
to smb_login until ruby_smb catches up more on feature parity

MS-2557
2017-03-29 11:36:33 -05:00
juushya 30896d1fab Add Cambium ePMP Arbitrary Command Execution Module 2017-03-28 00:17:36 +05:30
William Webb 66a585ab41
Land #8050, Add Cambium ePMP System Hash Dumper 2017-03-27 12:08:53 -05:00
William Webb 935c59306b
Land #7897, Add Cambium ePMP 1000 Device Configuration file dumper 2017-03-27 12:05:11 -05:00
William Webb d705949b37
Land #7784, Cambium ePMP 1000 Login Scanner 2017-03-27 12:01:56 -05:00
juushya dd7cf39678 updated references 2017-03-25 12:31:08 +05:30
juushya 63d88c159a updated references 2017-03-25 12:27:38 +05:30
juushya fd5e25bcc2 restored version check 2017-03-25 12:08:00 +05:30
Patrick DeSantis 2200c9faee Create moxa_discover.rb 2017-03-22 10:49:26 -04:00
h00die 7bcd53d87d
Land #8079, exploit and aux for dnaLims 2017-03-20 11:08:05 -04:00
h00die fd5345a869 updates per pr 2017-03-20 10:40:43 -04:00
Brent Cook aa1e76f28e
Land #8128, ensure there is a response before deferencing 2017-03-19 22:17:31 -05:00
h00die f88a522bf5 fix #8121 2017-03-18 14:50:24 -04:00
h00die 06e6a973ce
land #7944 a scanner for Carlo Gavazzi energy meters 2017-03-18 10:35:43 -04:00
wchen-r7 a1d7748d82 Fix #8061, Handle ::Errno::ECONNRESET in telnet_version
Fix #8061
2017-03-15 16:33:37 -05:00
wchen-r7 8afe6a9061 Update easy_file_sharing_ftp and add documentation 2017-03-15 16:14:41 -05:00
wchen-r7 cf8b4a78fa
Bring branch up to date with upstream-master 2017-03-14 16:48:33 -05:00
Ahmed Elhady Mohamed 183be81ba8 Easy File Sharing FTP Server Directory Traversal 2017-03-08 17:59:27 +02:00
juushya 0b5da60564 Added nil check + formatting edits 2017-03-07 02:17:21 +05:30
juushya d99d81992f Added nil check + formatting edits 2017-03-07 02:16:01 +05:30
juushya 05efb61d3b Added nil check + formatting edits 2017-03-07 02:14:18 +05:30
juushya 62b0efd99d Added nil check + formatting edits 2017-03-07 01:44:23 +05:30
juushya 9a5ab604e5 Added nil check + formatting edits 2017-03-07 01:21:07 +05:30
juushya 2d8e3c73f5 Minor edits 2017-03-07 00:20:05 +05:30
juushya 3ab214e758 Minor edits 2017-03-07 00:03:24 +05:30
juushya e8460c3b94 Minor edit 2017-03-03 02:37:20 +05:30
juushya fafd35330d Add epmp1000 dump hashes module 2017-03-03 02:22:34 +05:30
juushya c6e65b1521 Minor edits 2017-03-03 02:00:19 +05:30
juushya 6bd09c142f Minor edits 2017-03-03 00:53:17 +05:30
juushya c9a354b844 Added nil checks 2017-03-01 20:18:51 +05:30
wchen-r7 69c7b0168c Restore USERNAME and PASSWORD options for owa_login
Requested by our own pentesters, the username & password options
should be restored so users can more easily try one password but
multiple users.
2017-02-27 15:04:06 -06:00
h00die 43550b8cdf fixing line length 2017-02-23 19:55:23 -05:00
h00die 041238f77c
land #7896 Binom3 power meter scanner and brute 2017-02-23 19:49:50 -05:00
jvoisin 73eed104a9 Take into account @h00die's comments. 2017-02-20 13:22:20 +01:00
jvoisin 7bd6aff1cf Add a sploit for CVE-2017-5982 2017-02-19 21:57:27 +01:00
Brent Cook e4c324c988
Land #7941, treat a user with no mailbox as a valid credential anyway 2017-02-17 17:09:57 -06:00
juushya e6bfbb7c78 Added random cookie gen, res checks, & minor updates 2017-02-12 16:55:11 +05:30
juushya 906ca6c24e Add Carlo Gavazzi module 2017-02-11 11:18:43 +05:30
James Barnett 94a234e5bf
Specify sname as http/https to keep with standards throughout the code. 2017-02-10 17:31:08 -06:00
jakxx 58779f0aaf owa_login no mailbox bugfix
The owa_login module currently misses a success condition where the
creds are valid but there is no mailbox setup. This commit adds the
check for the condition for OWA 2013.
2017-02-09 21:35:58 -05:00
wchen-r7 4a9a8adaa1
Land #7928, http_version now stores the fingerprints 2017-02-09 16:28:51 -06:00
James Lee 4f13bde471
Override `empty?` for the weird ones
Fixes #7899
2017-02-09 14:57:20 -06:00
Christian Mehlmauer 8ade9b8aae
Land #7905, WordPress content injection module 2017-02-09 15:49:50 +01:00
William Vu cf395ea7b1 Make error checks more consistent 2017-02-08 18:00:44 -06:00
William Vu 0d56676690 Add error check for listing posts 2017-02-08 17:13:12 -06:00
William Vu 766e7b013d Once more, with feeling 2017-02-08 09:17:37 -06:00
William Vu a71b097e6b Revert status iteration, since it doesn't work
Also.
2017-02-08 09:13:42 -06:00
William Vu 6b2a995a7d Revert AutoPublish, since it doesn't work
Apparently.
2017-02-08 07:43:17 -06:00
William Vu df38a91fbd Be nice and parse JSON for the error 2017-02-08 07:37:09 -06:00
William Vu befe224c58 Use wordpress_and_online? before actions 2017-02-08 07:24:57 -06:00
William Vu 46ab03f528 Add SearchTerm to filter listed posts 2017-02-08 06:10:46 -06:00
William Vu 064420075f Update diagnostics and print better header 2017-02-08 04:54:25 -06:00
William Vu 6df55c9733 Gotta catch 'em (post statuses) all 2017-02-08 04:31:06 -06:00
William Vu 7583d050b7 Add AutoPublish to publish updated posts 2017-02-08 04:01:42 -06:00
William Vu e480107bd5 Add PostCount (default 100) to list more posts 2017-02-08 03:52:20 -06:00
William Vu 13f4b0d7ae Be more specific with invalid post ID 2017-02-08 02:18:52 -06:00
William Vu 6f4ff89218 Add WPVDB reference 2017-02-07 18:33:58 -06:00
jvoisin 96f7b2e245 http_version now store the fngerprints
Currently, the `http_version` module doesn't store the fingerprints
into the database; this commit should fix this behaviour.
2017-02-07 18:36:36 +01:00
William Vu b4056a110b Print diagnostics if no posts found/given 2017-02-07 04:37:05 -06:00
William Vu e1ade9caf8
Land #7910, closed ports fix for TCP portscan 2017-02-07 02:23:15 -06:00
h00die f531366d89
Land #7790 an aux module to extract Meteocontrol Weblog admin password 2017-02-06 15:23:06 -05:00
William Vu 8af966a132 Add WordPress content injection module 2017-02-06 04:40:26 -06:00
MatToufoutu db77061719 do not add closed ports to database 2017-02-04 16:24:40 +01:00
juushya d305f895ff Fixed a typo space 2017-02-04 11:59:45 +05:30
juushya 36416c20cb Updated check for extract fail case now + Minor edits 2017-02-04 03:00:31 +05:30
juushya 34b861403e Minor updates 2017-02-04 01:44:18 +05:30
juushya 58a50d7dd1 Minor edits 2017-02-01 04:46:05 +05:30
juushya 6d6db2f40f Add epmp1000 dump config module 2017-02-01 04:42:47 +05:30
juushya 20a51371ce Minor Edits 2017-02-01 04:23:28 +05:30
juushya 423648e347 Minor edits 2017-02-01 03:53:14 +05:30
juushya 82d2777417 Minor update 2017-02-01 03:44:50 +05:30
juushya 59e31e26f2 Add Binom3 module 2017-02-01 03:35:35 +05:30
Brent Cook 3c9b1be649
Land #7883, Fix cisco_firepower_download to pass the username properly 2017-01-27 16:31:06 -06:00
Brent Cook 4480ea7877
Land #7827, Cisco Firepower Management Console LoginScanner 2017-01-27 16:26:40 -06:00
Brent Cook 171cc7d54e slight wording tweak 2017-01-27 16:26:23 -06:00
wchen-r7 e6de951e3e Fix cisco_firepower_download to pass the username properly 2017-01-27 16:25:34 -06:00
Brent Cook a4dd1fc846
Land #7805, Add CVE-2016-6435 - Cisco Firepower Management Console Dir Traversal 2017-01-27 16:09:14 -06:00
wchen-r7 781bc8420a Add Advantech WebAccess LoginScanner module 2017-01-26 13:54:50 -06:00
Brent Cook 836da6177f Cipher::Cipher is deprecated 2017-01-22 10:20:03 -06:00
Jin Qian b4d3e9da8d This closes #7849 on the confusing message.
Use result.proof which has the right message. Thanks to Wei for pointing it
2017-01-19 15:39:10 -06:00
wchen-r7 82ab4fc630 Update cisco_firepower_download module & documentation 2017-01-17 13:58:10 -06:00
juushya 7791c58d5c rubocop check & msftidy run clean. Minor updates. 2017-01-17 01:10:39 +05:30
juushya 657c7444bf rubocop check & msftidy clean. Few updates. 2017-01-17 00:17:57 +05:30
wchen-r7 a687073416 Add Cisco Firepower Management Console LoginScanner 2017-01-13 16:59:20 -06:00
wchen-r7 18347a8de7
Land #7774, Fix pivoting of UDP sockets in scanners 2017-01-10 13:57:28 -06:00
wchen-r7 8194603725 Add CVE-2016-6435 - Cisco Firepower Management Console Dir Traversal 2017-01-09 14:39:37 -06:00
juushya 93168648b4 Minor update in description 2017-01-08 13:28:07 +05:30
juushya 4133a6fa97 Minor cleanup, msftidy check 2017-01-07 03:57:46 +05:30
dmohanty-r7 5cba9b0034
Land #7747, Add LoginScanner module for BAVision IP cameras 2017-01-06 16:25:44 -06:00
juushya ba8394ecc1 Minor updates 2017-01-06 15:34:17 +05:30
juushya 39423a70a7 Add Meteocontrol Weblog Extract Admin password module 2017-01-06 15:20:41 +05:30
juushya c5acda0a22 Fixed the file permissions 2017-01-05 04:40:41 +05:30
juushya c15b77c31b Add Cambium ePMP 1000 Login Scanner module 2017-01-05 04:19:32 +05:30
Brent Cook 04a026e786 remove lies from module, this is a bound socket 2017-01-02 09:47:18 -06:00
Brent Cook fdca963b61 check if the socket exists before closing 2016-12-30 14:59:31 -06:00
wchen-r7 144f886e8b Add LoginScanner module for BAVision IP cameras 2016-12-23 16:22:17 -06:00
William Vu 0589948a73 Remove other rhost (oops) and fail_with 2016-12-23 16:10:21 -06:00
Jin Qian da9ea0b85c Change the PCRE. 2016-12-16 15:41:10 -06:00
dmohanty-r7 f74fd9e5dd
Land #7672, support LOCKED_OUT and DISABLED login status 2016-12-16 15:11:05 -06:00
jinq102030 378d8aea36 Merge pull request #7697 from h00die/fix_colorado
Fix ftp traversal error conditions
2016-12-16 13:51:15 -06:00